SudoJudo (Participant), October 23, 2019 at 12:34 am
I created a method whilst working in a specific high security field quite some time ago.
It was a decoration method. Basically use password managers for long strong passwords on things like most websites – there is no way you can remember a lot of unique strong random passwords, nor is it necessary to try, given the risk (for most websites). It’s sometimes possible to add a “pin” as a decoration if you need some protection against password manager compromise. Browser-password storage has been found to have many weaknesses over time.
How this works is, you allow your password manager to auto-fill the password. For example:
is the password your password manager auto-fills. Then you have your own personal, confidential decoration. For example 129219, so you MANUALLY append your pin to the end of the password each time you log in to the site. Of course this pin is stored as the password on the site, but in the password manager it is NOT stored.
So your password to the site would be:
That way, if the password manager is compromised, or the database where it is hosted, none of the passwords in that database will be usable, and it will appear that the database is corrupted to the attacker. In addition it adds another layer of security that doesn’t exist anywhere but in your mind.
This method is EXTREMELY secure and closes off a lot of threat vectors and adds pin-code security to password managers.
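The scheme described in the post above, as an added example that is not part of the original post: it models what the site stores versus what the vault stores, and sizes the pin on its own. The vault value is constructed, the pin is the post's example, and the site's use of salted PBKDF2 is an assumption.

```python
import hashlib
import hmac
import math
import os

# Constructed stand-in for the auto-filled value (the post's own example is not shown).
VAULT_ENTRY = "constructed-Vault-Entry-x7Qp2Lm9"
PIN = "129219"  # the decoration used as the example in the post
ITERATIONS = 200_000  # assumed site-side PBKDF2 work factor


def site_enroll(password: str) -> tuple[bytes, bytes]:
    """What the site keeps: a random salt and a slow hash of the FULL password."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


def site_verify(record: tuple[bytes, bytes], attempt: str) -> bool:
    """Recompute the hash for a login attempt and compare in constant time."""
    salt, digest = record
    candidate = hashlib.pbkdf2_hmac("sha256", attempt.encode(), salt, ITERATIONS)
    return hmac.compare_digest(candidate, digest)


def pin_search_space(digits: int) -> int:
    """Number of possible numeric decorations of a given length."""
    return 10 ** digits


def pin_entropy_bits(digits: int) -> float:
    """Strength the decoration contributes by itself, in bits."""
    return math.log2(pin_search_space(digits))


if __name__ == "__main__":
    record = site_enroll(VAULT_ENTRY + PIN)  # the site only ever sees vault value + pin
    # A login using only what the vault holds is rejected.
    print("vault entry alone accepted:", site_verify(record, VAULT_ENTRY))
    # The user auto-fills, then types the pin by hand.
    print("vault entry + pin accepted:", site_verify(record, VAULT_ENTRY + PIN))
    # The pin's own strength: this is all that remains secret once the vault
    # entry is known, so site-side lockout and rate limiting carry the rest.
    print("pin candidates:", pin_search_space(len(PIN)))
    print("pin entropy (bits): %.1f" % pin_entropy_bits(len(PIN)))
```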